The Federal Communications Commission’s (FCC) Privacy and Data Protection Task Force announced a Memorandum of Understanding (MOU) with the California Privacy Protection Agency (CPPA). FCC Chairwoman Jessica Rosenworcel stated consumer data “share[d] with companies or transmit[ted] on networks [is] too often targeted by bad actors or mishandled.” This partnership exemplifies that combatting consumer privacy threats will remain a top priority for the FCC.
While the FCC has entered into similar data privacy partnerships with a number of other state Attorneys General, the CPPA is the only state agency exclusively focused on consumer’s privacy rights.[1] The CPPA not only has the ability to enforce California’s privacy laws, but it can also create new regulations as needed to ensure compliance with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act. California’s active participation in protecting consumer privacy has resulted in the state being at the forefront of privacy regulation for other states to follow.
This partnership between the FCC’s Privacy and Data Protection Task Force and the CPPA allows the agencies to share expertise and resources while also coordinating efforts in conducting investigations to protect consumer privacy. Not only does this active collaboration give each agency critical information that it may not have had access to before, but it also drastically increases the ability to efficiently resolve investigations. This will be seen by FFC Enforcement Bureau employees, alongside CCPA investigators, actively seeking records, talking to witnesses, interviewing targets, examining consumer complaints and taking other critical steps to build records against possible privacy threats.
The CPPA’s enforcement division recently announced its intention to begin reviewing data brokers’ compliance with the Delete Act that Governor Gavin Newsom signed into law in October 2023. The Delete Act added to California’s existing data privacy laws by granting residents of the state the right to demand that data brokers erase their personal data from their records, essentially providing a one-stop shop deletion mechanism. With the recent MOU announced by the FCC, data brokers will now have even more eyes on them, searching for any evidence hinting at non-compliance.
The FCC has been busy outside of state-focused regulation since it launched the Privacy and Data Protection Task Force in June 2023. Earlier this year, the agency fined the nation’s major wireless carriers almost $200 million collectively for selling user location data to third parties without their consent. Additionally, the FCC and Office of the Privacy Commissioner of Canada signed a MOU in August 2024 to ensure that telecommunications carriers adhere to strict privacy and cybersecurity standards.
The active coordination between federal and state agencies seen in the MOU between the FCC and the CPPA is only a glimpse of what is to come regarding government collaboration to protect consumer privacy and data.
[1] The FCC’s Enforcement Bureau has privacy and data protection partnerships with the Attorneys General of Connecticut, Illinois, New York, Oregon, Pennsylvania, the District of Columbia, Massachusetts, Maine, Vermont, Delaware and Indiana.
